As part of our TRAC blog series, we will start with cyber security Training. We’re not simply starting here simply because “T” is the beginning of our acronym, but because this really is where organizations should start their information security programs.
That’s right, the most important aspect of information security and cyber security is not technology (though that is pretty important), it is cyber security training and education.
In order to be considered DFARS compliant, all DoD contractors who work with CUI must pass a readiness assessment following NIST SP 800-171 compliance guidelines which include: Access Control. Awareness and Training.
Why Training and Education?
As someone with a military background, I am steeped in prevention training and education from the battle field to the workplace.
The common theme that resonates throughout all of our training, is that if you are caught unaware, you will have little to no chance of preventing or mitigating an attack.
Consider something simple, like a kitchen fire.
If you have never dealt with fire, never experienced fire, and don’t have a plan or materials for dealing with fire, there is a very good chance that your house could burn down. All because of a simple, easily extinguished kitchen fire.
Flip this scenario on its head. You have a kitchen fire, but this time, you have bought an extinguisher and know how to use it, and how to deal with the fire (not putting water on a grease fire). You’ve also thought out ahead of time what to do in case of a fire.
The kitchen fire, which could have led to the entire house burning down, was extinguished and you avoided further damage.
Coincidentally, you might have to order pizza tonight.
Preparedness wins the day!
This axiom holds true across all types of hazard, risk, and loss mitigation.
Preparedness starts with understanding the threats, what they look like, how to handle them, and what to do to prevent them from occurring.
Cyber security education is an extreme version of this, because if we don’t educate all users of the network on how to prevent problems, they may actually worsen the problem, or worse, become the problem.
Long story short, cyber security education at all levels of responsibility within the organization should be the first step in building out an information security program.
From the IT team to security professionals to general users. Everyone needs to know about the threats and what to look for, while establishing acceptable cyber-behavior in the face of cyber threats.
This dramatically enhances the ability of an organization to mitigate a loss scenario.
That is why cyber security training is at the core of TRAC. It is a key component of information and cyber security, and provides the largest return on information security investment for the organization.
With proper cyber security education and awareness, you are able to transform your workforce from a source of the problem, into part of the defense solution.
One of the Cuick Trac key collaborators, InteProIQ, specializes in cyber security user training and awareness.
Focusing on training the “human factor” in order to reduce human error, and increase threat awareness in the security space, InteProIQ provides a comprehensive solution for organizations to develop a more secure business environment.
Specific to the Solution:
WorkWise™ is an online suite of training topics built to increase employee awareness of cyber security threats and decrease the risk of security breaches.
Visit our Cuick Trac blog page for more information security and cyber security knowledge!